Description
Course Content
Working with Time (WWT)
Statistical Processing (SSP)
Comparing Values (SCV)
Result Modification (SRM)
Leveraging Lookups and Subsearches (LLS)
Correlation Analysis (SCLAS)
Prerequisites
To be successful, students should have a solid understanding of the following:
- How Splunk Works
- Creating Search queries
- Knowledge objects (specifically reports, lookups, and fields)
OR have taken the following:
- Foundation Fast Start OR
- What is Splunk? (WIS), Intro to Splunk (ITS) and Using Fields (SUF)
Outline: Splunk Search Expert Fast Start (SE-FS)
Topic 1 – Working with Time
- Searching with Time
- Formatting Time
- Comparing Index Time versus Search Time
- Using Time Commands
- Working with Time Zones
Topic 2 – Statistical Processing
- What is a Data Series?
- Transforming Data
- Manipulating Data with eval
- Formatting Data
Topic 3 – Comparing Values
- Using eval to Compare
- Filtering with where
Topic 4 – Result Modification
- Manipulating Output
- Modifying Results Sets
- Managing Missing Data
- Modifying Field Values
- Normalizing with eval
Topic 5 – Leveraging Lookups and Subsearches
- Using Lookup Commands
- Adding a Subsearch
- Using the return Command
Topic 6 – Correlation Analysis
- Calculate Co-Occurrence Between Fields
- Analyze Multiple Datasets